Passing parameter in request body or request header- what is difference and pros and cons of each?

Question

I have api that is exposed to multiple clients. They all when requesting any resource send me a "sourceId" through which i identify which client the request is coming from:

Should i accept "sourceId" in body or in headers? How would it impact in the future?

Headers make more sense as this is something that would remain static for a particular client but i can't think of a good reason as to how i can decide which parameter to send in body and which in headers?

Answer 1

For some HTTP methods, such as HEAD, GET and DELETE, the request payload has no defined semantics and sending a payload body on a such requests might cause some existing implementations to reject the requests. For further details, check the RFC 7231, the current reference for semantics and content in HTTP/1.1.

Sending the parameter in a HTTP header should work for all HTTP methods though.

If the source identifier is an API key or it's used for authentication, it should be sent in the Authorization header. There are many APIs that define custom HTTP headers like X-API-Key or X-Source-ID. I would avoid that though.

Answer 2

The main reason for it to be in the header is that not all rest methods have a body, for example GET. In most cases the data your request is interested on would be in the body, but information about the request itself would be on the headers. For example if you want informarion about your sourceid then it would be either in the body or as part of the uri, but if the sourceid is just a way to authenticate the caller when asking for information about something else then it would be in the headers.